[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu Apr 3 21:17:53 BST 2025



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6e4c9af4 by Moritz Muehlenhoff at 2025-04-03T22:17:34+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -19,11 +19,11 @@ CVE-2025-3170 (A vulnerability classified as critical has been found in Project
 CVE-2025-3169 (A vulnerability was found in Projeqtor up to 12.0.2. It has been rated ...)
 	TODO: check
 CVE-2025-3168 (A vulnerability was found in PHPGurukul Time Table Generator System 1. ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul
 CVE-2025-3167 (A vulnerability, which was classified as problematic, has been found i ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-3166 (A vulnerability classified as critical was found in code-projects Prod ...)
-	TODO: check
+	NOT-FOR-US: code-projects
 CVE-2025-3165 (A vulnerability classified as critical has been found in thu-pacman ch ...)
 	TODO: check
 CVE-2025-3164 (A vulnerability was found in Tencent Music Entertainment SuperSonic up ...)
@@ -33,7 +33,7 @@ CVE-2025-3163 (A vulnerability was found in InternLM LMDeploy up to 0.7.1. It ha
 CVE-2025-3162 (A vulnerability was found in InternLM LMDeploy up to 0.7.1. It has bee ...)
 	TODO: check
 CVE-2025-3161 (A vulnerability was found in Tenda AC10 16.03.10.13 and classified as  ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-3160 (A vulnerability has been found in Open Asset Import Library Assimp 5.4 ...)
 	TODO: check
 CVE-2025-3159 (A vulnerability, which was classified as critical, was found in Open A ...)
@@ -55,77 +55,77 @@ CVE-2025-32050 (A flaw was found in libsoup. The libsoup append_param_quoted() f
 CVE-2025-32049 (A flaw was found in libsoup. The SoupWebsocketConnection may accept a  ...)
 	TODO: check
 CVE-2025-31911 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31909 (Missing Authorization vulnerability in NotFound Apptivo Business Site  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31907 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31905 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31903 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31902 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31901 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31900 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31899 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31898 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31896 (Missing Authorization vulnerability in istmoplugins GetBookingsWP allo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31893 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31876 (Missing Authorization vulnerability in gunnarpayday Payday allows Expl ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31858 (Missing Authorization vulnerability in matthewrubin Local Magic allows ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31841 (Missing Authorization vulnerability in Frank P. Walentynowicz FPW Cate ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31827 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31825 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31800 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31795 (Missing Authorization vulnerability in Plugin Devs Shopify to WooComme ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31794 (Missing Authorization vulnerability in Web Ready Now WR Price List Man ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31789 (Missing Authorization vulnerability in Matat Technologies TextMe SMS a ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31768 (Missing Authorization vulnerability in OTWthemes Widget Manager Light  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31758 (Missing Authorization vulnerability in BinaryCarpenter Free Woocommerc ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31746 (Missing Authorization vulnerability in Think201 Clients allows Exploit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31739 (Missing Authorization vulnerability in Manuel Schmalstieg Minimalistic ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31736 (Missing Authorization vulnerability in richtexteditor Rich Text Editor ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31729 (Missing Authorization vulnerability in jeffikus WooTumblog allows Expl ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31626 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31622 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31582 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31581 (Missing Authorization vulnerability in Sandeep Kumar WP Video Playlist ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31573 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31558 (Insertion of Sensitive Information into Externally-Accessible File or  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31554 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31541 (Missing Authorization vulnerability in turitop TuriTop Booking System  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31536 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31489 (MinIO is a High Performance Object Storage released under GNU Affero G ...)
 	TODO: check
 CVE-2025-31487 (The XWiki JIRA extension provides various integration points between X ...)
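Review bot: the 36 entries from CVE-2025-31911 through CVE-2025-31536 all get the generic tag "NOT-FOR-US: WordPress plugin or theme", and none of the truncated descriptions visible here reaches the word WordPress, so the classification cannot be confirmed from the diff itself. Other hunks in this commit record a vendor ("Tenda", "TOTOLINK", "Ivanti"); where a description names a product (for example CVE-2025-31896 GetBookingsWP or CVE-2025-31581 WP Video Playlist), consider recording it in the tag so that a later search of data/CVE/list by product name still finds the entry.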
@@ -139,13 +139,13 @@ CVE-2025-31483 (Miniflux is a feed reader. Due to a weak Content Security Policy
 CVE-2025-31481 (API Platform Core is a system to create hypermedia-driven REST and Gra ...)
 	TODO: check
 CVE-2025-31468 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31467 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31442 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31436 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31161 (CrushFTP 10 before 10.8.4 and 11 before 11.3.1 allows authentication b ...)
 	TODO: check
 CVE-2025-31127 (Element X Android is a Matrix Android Client provided by element.io. I ...)
@@ -159,19 +159,19 @@ CVE-2025-31098 (Improper Control of Filename for Include/Require Statement in PH
 CVE-2025-31091 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	TODO: check
 CVE-2025-30916 (Missing Authorization vulnerability in enituretechnology Residential A ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-30915 (Missing Authorization vulnerability in enituretechnology Small Package ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-30908 (Cross-Site Request Forgery (CSRF) vulnerability in Shamalli Web Direct ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-30889 (Deserialization of Untrusted Data vulnerability in PickPlugins Testimo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-30858 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-30616 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-30611 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-30596 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
 	TODO: check
 CVE-2025-30406 (Gladinet CentreStack through 16.1.10296.56315 (fixed in 16.4.10315.563 ...)
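Review bot: CVE-2025-30596 in the trailing context stays at "TODO: check" although its description opens with the same "Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ..." text as CVE-2025-31827, CVE-2025-31825 and CVE-2025-31800, which this commit tags as NOT-FOR-US. The same applies to CVE-2025-31091 at the top of the hunk. Please confirm these were left open deliberately and not skipped during the bulk pass.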
@@ -181,9 +181,9 @@ CVE-2025-2946 (pgAdmin <= 9.1 is affected by a security vulnerability with Cross
 CVE-2025-2945 (Remote Code Execution security vulnerability in pgAdmin 4  (Query Tool ...)
 	TODO: check
 CVE-2025-2299 (The LuckyWP Table of Contents plugin for WordPress is vulnerable to Cr ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-29987 (Dell PowerProtect Data Domain with Data Domain Operating System (DD OS ...)
-	TODO: check
+	NOT-FOR-US: Dell / EMC
 CVE-2025-29647 (SeaCMS v13.3 has a SQL injection vulnerability in the component admin_ ...)
 	TODO: check
 CVE-2025-29570 (An issue in Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v3.2 al ...)
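Review bot: CVE-2025-2299 is tagged "NOT-FOR-US: WordPress plugin" (as is CVE-2024-9416 further down), while the earlier hunks use "NOT-FOR-US: WordPress plugin or theme" for the same category. Using a single string for both would keep exact-match searches and counts over data/CVE/list consistent.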
@@ -191,11 +191,11 @@ CVE-2025-29570 (An issue in Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v
 CVE-2025-29504 (Insecure Permission vulnerability in student-manage 1 allows a local a ...)
 	TODO: check
 CVE-2025-29462 (A buffer overflow vulnerability has been discovered in Tenda Ac15 V15. ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-29369 (Code-Projects Matrimonial Site V1.0 is vulnerable to SQL Injection in  ...)
 	TODO: check
 CVE-2025-29064 (An issue in TOTOLINK x18 v.9.1.0cu.2024_B20220329 allows a remote atta ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2025-26818 (Netwrix Password Secure through 9.2 allows command injection.)
 	TODO: check
 CVE-2025-26817 (Netwrix Password Secure 9.2.0.32454 allows OS command injection.)
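Review bot: CVE-2025-29369 (Code-Projects Matrimonial Site V1.0) is left at "TODO: check" between two entries that are triaged here, yet the first hunk marks CVE-2025-3166 as "NOT-FOR-US: code-projects". If the vendor is out of scope, this entry should carry the same tag; if it was left open on purpose, a short NOTE line would make that clear to the next person triaging.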
@@ -213,15 +213,15 @@ CVE-2025-22927 (An issue in OS4ED openSIS v8.0 through v9.1 allows attackers to
 CVE-2025-22926 (An issue in OS4ED openSIS v8.0 through v9.1 allows attackers to execut ...)
 	TODO: check
 CVE-2025-22457 (A stack-based buffer overflow in Ivanti Connect Secure before version  ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2025-0272 (HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection. This v ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2024-9416 (The Modula Image Gallery plugin for WordPress is vulnerable to Stored  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-45198 (insightsoftware Spark JDBC 2.6.21 has a remote code execution vulnerab ...)
 	TODO: check
 CVE-2024-22611 (OpenEMR 7.0.2 is vulnerable to SQL Injection via \openemr\library\clas ...)
-	TODO: check
+	NOT-FOR-US: OpenEMR
 CVE-2023-47639 (API Platform Core is a system to create hypermedia-driven REST and Gra ...)
 	TODO: check
 CVE-2025-31115 (XZ Utils provide a general-purpose data-compression library plus comma ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6e4c9af419584a7a33dee30d637f7da914329f57
